1. Field of the Disclosed Embodiments
This disclosure relates to systems and methods for implementing an automated security policy for an organization, particularly through implementing a semantic model in a formal modeling language such as Unified Modeling Language Model (UML), Web Ontology Language (OWL), Semantic Application Design Language (SADL), a controlled-English language that maps directly into OWL, or any other semantic language capable of capturing the instances, classes, and relationships of the security domain in such a way as to render the model computable.
2. Related Art
The information security of an organization is generally governed at the highest levels by the existence of policies, guidelines and standards. These policies, guidelines and standards are generally provided in written form. One or more individuals in the organization are then tasked with developing information security procedures, requirements and, in many cases, specific configurations for information security policy implementation and enforcement. Within this structure, decision points are also often established in order to determine whether the organization's security infrastructure is meeting the organization's security needs.
Conventionally, the implementation of information security within an organization is largely human dependent. In this regard, the establishment and enforcement of an information security policy is subject to specific interpretation. In general, there does not exist a comprehensive framework for capturing, for instance, relationships between overarching policy objectives and specific security implementation guidelines. Security policy implementation within an organization, therefore, tends to be undertaken on an ad hoc basis.
In conventional implementations, a corporate policy is drafted by senior members of the organization. The corporate policy drives development of specific business policies. Business guidelines and standards are then generally relied upon to shape security requirements. Standard operating procedures may then be developed to enforce compliance requirements on appropriate devices within the organization's information sharing network. It is rare that the senior members of a corporation who structure the corporate policy also draft the security requirements or the standard operating procedures. Rather, other members of the organization interpret the corporate policy to establish certain guidelines for the particular business of the organization. Within the framework of the business guidelines, security requirements are established. The security requirements are then interpreted, by perhaps another group of individuals, to produce a specific information security configuration for the organization.
The lack of a comprehensive framework makes it difficult for the individuals tasked with implementing, overseeing and enforcing information security policy to ensure, with any degree of confidence, that the security infrastructure properly reflects the organization's overall goals and objectives. This difficulty is exacerbated in the all-too-frequent occurrence where a change in certain situational factors dictates some shift in the security posture of the organization. Absent an overarching framework, it is difficult for any individual or group to first visualize, and then analyze, an overall impact of potential changes.
This difficulty becomes even more acute in instances where, for example, security policies are intended to be shared between organizations. In these situations, where it is important to ensure that data flow between organizations remains secure, it is often important to ensure that security procedures and implementations in all participating organizations are comparable and compatible.
The current manual process, overseen by the specified individual(s), suffers from a number of significant drawbacks in meeting the above objectives. Even in small, single-organization implementations, the ultimate security configurations are oftentimes unverifiable. A very basic difficulty exists in the interpretation of the terminology used in preparing and interpreting policies, guidelines, standards, procedures, requirements, and ultimately configurations for the security policy implementations. A small organization may have only one individual who is tasked with overseeing security policy implementation through the manual process. The manual process, however, requires that the terms that are used in establishing the policy, generating guidelines, and distilling the security requirements be independently interpreted by that individual who is tasked with setting the security configuration. Unfortunately, within this task of interpretation, there exists an unavoidable level of semantic ambiguity. This semantic ambiguity often then leads to differing interpretations of the requirements and the configuration by even a small group of individuals tasked with carrying out the security implementation, or between the individual noted above who is tasked with carrying into effect the security policy today, and that individual's successor.
As organizations grow in size and the numbers of people and network components increase significantly, changes in configuration, required updates and specific maintenance to individual network components may go largely untracked other than with regard to a single specific component that is being re-configured, updated or fixed. In a comprehensive network environment, changes, updates and maintenance of components at a specific level in the organization may be undertaken in a manner disconnected from corresponding changes, updates and maintenance at other levels in the organization. A result is that a specific change in configuration, update or fix may not be adequately managed network-wide. A specific change in configuration, update or fix that could have a significant effect on other levels of the organizational infrastructure may be implemented without a complete assessment of the significance of that effect.
Reliance on individual humans in the loop suffers further because there is incomplete, if any, detailed turnover from one individual to the next regarding a specific interpretation of what a particular term in a particular security configuration entails. Simply put, different individuals, without detailed guidance, which is often non-existent, will likely interpret a large number of terms in a security policy implementation in different ways, leading to potentially vast differences in implementation of the security policy. Significant difficulties are then encountered in verification of the security policy implementation, as the verification metrics are themselves open to broad interpretation. The manual process, therefore, requires a level of expert intuition for completeness. Even with that expert intuition, however, a measurable level of consistency in the manual process remains largely unachievable.
For the above reasons, security policy implementations within organizations, or across organizational lines where required, end up being subject to significant interpretation, leading to wide variability in carrying out security policies. With increasing levels of sophistication in security infrastructures, these shortfalls become magnified. As such, the outcome of the security policy implementation may be decidedly different from what was intended.
Modeling tools exist that can implement and track specified sets of instructions for task accomplishment. Automated manufacturing and automated inventory control employ such modeling tools. These modeling tools are implemented in a manner that leaves little room for interpretation. In the case of automated manufacturing, this leads to repeatable outcomes in the details of the manufactured articles. If room existed for interpretation of a specification for a manufactured article, it is likely that unacceptable variations in the manufactured article would be introduced. In like manner, in the case of automated inventory control, if there were room for interpretation, inventory management would quickly suffer.